• International Journal of Fuzzy Logic and Intelligent Systems
• /
• 제4권3호
• /
• pp.311-315
• /
• 2004

Because of the characteristics of the cyber world, such as usefulness, anonymousness, patency, economic performance, rapidness, etc., cyber counseling has great possibility. Because he or she may not meet a consultant directly, a client can expose his/her inside problems or secret personal problems, keeping anonymousness. However, existing cyber counseling has the limit in durability of counseling because target counseling appropriate to a client is impossible and a counseling activity is done by one time counseling. In this paper, we attempt to develop a target cyber counseling system in which target cyber counseling is possible. The system will use a counseling assistance agent who can play the role of a counseling supporter as well as a counselor in the cyber space. If target counseling becomes possible, it can heighten efficiency of cyber counseling because a client is satisfied with the result of counseling and thus counseling activities can be continued.

• 인터넷정보학회논문지
• /
• 제22권6호
• /
• pp.115-127
• /
• 2021

전 세계적으로 과학기술의 발달에 따라 육·해·공·우주에 이어 사이버공간이라는 영역 또한 전장 영역으로 인식되고 있다. 이에 따라 육·해·공·우주에서 이루어지는 물리적 작전뿐만 아니라 사이버공간에서 이루어지는 사이버 작전 수행을 위한 정의, 체계, 절차, 계획 등 다양한 요소를 설계·수립해야 한다. 본 연구에서는 사이버 작전의 표적처리(Targeting) 중 표적개발 및 우선순위 부여 단계에서 중간표적개발을 통해 선정한 사이버 표적 목록에 대한 우선순위를 부여할 때 고려할 수 사이버 표적의 중요성을 고려 요소로 선정하여 이에 대한 점수를 산출, 사이버 표적 우선순위 선정 점수의 일부로 활용하는 방안을 제시한다. 이에 따라, 사이버 표적 우선순위 부여 과정에서 사이버 표적 중요성 범주를 설정하고, 사이버 표적 중요성 개념 및 기준항목을 도출한다. 도출된 기준항목별 점수산정 및 종합을 위해 PageRank 알고리즘을 기반으로 Event Prioritization Framework 등의 매개변수를 종합한 TIR(Target Importance Rank) 알고리즘을 제안한다. 그리고 스턱스넷 사례 기반 네트워크 토폴로지 및 시나리오 데이터를 구성하여 제안된 알고리즘으로 사이버 표적 중요성 점수를 도출하고 사이버 표적의 우선순위를 선정하여 제안된 알고리즘을 검증한다.

• International Journal of Fuzzy Logic and Intelligent Systems
• /
• 제6권4호
• /
• pp.277-281
• /
• 2006

Cyber counseling, one of the most compatible type of consultation for the information society, enables people to reveal their mental agonies and private problems anonymously, since it does not require face-to-face interview between a counsellor and a client. However, there are few cyber counseling centers which provide high quality and trustworthy service, although the number of cyber counseling center has highly increased. Therefore, this paper is intended to enable an appropriate consultation for each client by analyzing client propensity using Bayesian variable selection. Bayesian variable selection is superior to stepwise regression analysis method in finding out a regression model. Stepwise regression analysis method, which has been generally used to analyze individual propensity in linear regression model, is not efficient since it is hard to select a proper model for its own defects. In this paper, based on the case database of current cyber counseling centers in the web, we will analyze clients' propensities using Bayesian variable selection to enable individually target counseling and to activate cyber counseling programs.

• 한국컴퓨터정보학회논문지
• /
• 제24권9호
• /
• pp.35-42
• /
• 2019

In this paper, we propose an approach to apply network-based moving target defense into Internet of Things (IoT) networks. The IoT is a technology that provides the high interconnectivity of things like electronic devices. However, cyber security risks are expected to increase as the interconnectivity of such devices increases. One recent study demonstrated a man-in-the-middle attack in the statically configured IoT network. In recent years, a new approach to cyber security, called the moving target defense, has emerged as a potential solution to the challenge of static systems. The approach continuously changes system's attack surface to prevent attacks. After analyzing IPv4 / IPv6-based moving target defense schemes and IoT network-related technologies, we present our approach in terms of addressing systems, address mutation techniques, communication models, network configuration, and node mobility. In addition, we summarize the direction of future research in relation to the proposed approach.

• 디지털산업정보학회논문지
• /
• 제16권1호
• /
• pp.79-92
• /
• 2020

As the number of systems increases and the network size increases, automated attack prediction systems are urgently needed to respond to cyber attacks. In this study, we developed four types of information gathering sensors for collecting asset and vulnerability information, and developed technology to automatically generate attack graphs and predict attack targets. To improve performance, the attack graph generation method is divided into the reachability calculation process and the vulnerability assignment process. It always keeps up to date by starting calculations whenever asset and vulnerability information changes. In order to improve the accuracy of the attack target prediction, the degree of asset risk and the degree of asset reference are reflected. We refer to CVSS(Common Vulnerability Scoring System) for asset risk, and Google's PageRank algorithm for asset reference. The results of attack target prediction is displayed on the web screen and CyCOP(Cyber Common Operation Picture) to help both analysts and decision makers.

• 정보보호학회논문지
• /
• 제28권5호
• /
• pp.1247-1258
• /
• 2018

록히드 마틴사(社)에서 제안한 사이버킬체인은 사이버 공격절차를 7단계로 표준화하고, 각 단계별로 적절한 대응방안을 제시함으로써 궁극적으로 공격자가 공격목적을 달성하지 못하도록 하는 사이버작전 수행 간 방어에 대한 방법론을 제공한다. 이와 같은 사이버킬체인 모델을 활용하면 기존의 방법들로는 대응하기 어려웠던 지능형 지속공격(APT)에 보다 효과적인 대응이 가능하다는 장점이 있다. 하지만 최근의 사이버작전은 목표시스템을 직접 공격하는 기술적 사이버작전보다는 목표시스템 관리자나 사용자의 취약점을 통해 목표시스템을 우회적으로 공격하는 사회공학 사이버작전의 비중이 늘어가고 있는 추세이다. 이런 상황에서 기술적 사이버작전을 방어하기 위한 기존의 사이버킬체인 개념만으로는 사회공학 사이버작전에 효과적으로 대응할 수 없다. 따라서 본 논문에서 우리는 사회공학 사이버 작전에 효과적으로 대응할 수 있는 사회공학 사이버킬체인에 대한 개념을 정립하고자 한다.

• 융합보안논문지
• /
• 제21권1호
• /
• pp.93-100
• /
• 2021

지능형 사이버 공격으로 인한 피해는 시스템 운영 중단과 정보 유출뿐만 아니라 엄청난 규모의 경제적 손실을 동반한다. 최근 사이버 공격은 공격 목표가 뚜렷하며, 고도화된 공격 도구와 기법을 활용하여 정확하게 공격 대상으로 침투한다. 이러한 지능적인 사이버 공격으로 인한 피해를 최소화하기 위해서는 사이버 공격이 공격 대상의 핵심 시스템까지 침입하지 못하도록 공격 초기 또는 과정에서 차단해야 한다. 최근에는 빅데이터나 인공지능 기술을 활용하여 사이버 공격 경로를 예측하고 위험 수준을 분석하는 보안 기술들이 연구되고 있다. 본 논문에서는 자동화 사이버 공격 경로 예측 시스템 개발을 위한 기초 메커니즘으로 공격 트리와 RFI 기법을 활용한 사이버 공격 경로 분석 방법을 제안한다. 공격 트리를 활용하여 공격 경로를 가시화하고 각 공격 단계에서 RFI 기법을 이용하여 다음 단계로 이동할 수 있는 경로를 판단한다. 향후에 제안한 방법을 기반으로 빅데이터와 딥러닝 기술을 활용한 자동화된 사이버 공격 경로 예측 시스템의 메커니즘으로 활용할 수 있다.

• 한국의학물리학회지:의학물리
• /
• 제29권2호
• /
• pp.73-80
• /
• 2018

Accelerated partial breast irradiation (APBI) is a new treatment delivery technique that decreases overall treatment time by using higher fractional doses than conventional fractionation. Here, a quantitative analysis study of CyberKnife-based APBI was performed on 10 patients with left-sided breast cancer who had already finished conventional treatment at the Inha University Hospital. Dosimetric parameters for four kinds of treatment plans (3D-CRT, IMRT, VMAT, and CyberKnife) were analyzed and compared with constraints in the NSABP B39/RTOG 0413 protocol and a published CyberKnife-based APBI study. For the 10 patients recruited in this study, all the dosimetric parameters, including target coverage and doses to normal structures, met the NSABP B39/RTOG 0413 protocol. Compared with other treatment plans, a more conformal dose to the target and better dose sparing of critical structures were observed in CyberKnife plans. Accelerated partial breast irradiation via CyberKnife is a suitable treatment delivery technique for partial breast irradiation and offers improvements over external beam APBI techniques.

• Nuclear Engineering and Technology
• /
• 제51권1호
• /
• pp.138-145
• /
• 2019

With the application of digital technology to safety-critical infrastructures, cyber-attacks have emerged as one of the new dangerous threats. In safety-critical infrastructures such as a nuclear power plant (NPP), a cyber-attack could have serious consequences by initiating dangerous events or rendering important safety systems unavailable. Since a cyber-attack is conducted intentionally, numerous possible cases should be considered for developing a cyber security system, such as the attack paths, methods, and potential target systems. Therefore, prior to developing a risk-informed cyber security strategy, the importance of cyber-attacks and significant critical digital assets (CDAs) should be analyzed. In this work, an importance analysis method for cyber-attacks on an NPP was proposed using the probabilistic safety assessment (PSA) method. To develop an importance analysis framework for cyber-attacks, possible cyber-attacks were identified with failure modes, and a PSA model for cyber-attacks was developed. For case studies, the quantitative evaluations of cyber-attack scenarios were performed using the proposed method. By using quantitative importance of cyber-attacks and identifying significant CDAs that must be defended against cyber-attacks, it is possible to develop an efficient and reliable defense strategy against cyber-attacks on NPPs.

• 한국산업융합학회 논문집
• /
• 제23권2_2호
• /
• pp.333-341
• /
• 2020

In this paper, we introduce a smart city-cyber-security-grid-matrix methodology, as a result of research on overall cyber security of smart cities. The identified cyber security risks that threaten smart cities and smart-city-cyber-security-threat list are presented. The smart-city-cyber-security-requirements necessary to secure the smart city cyber security with the developed smart city-cyber-security-grid-matrix are given in this paper. We show how the developed smart city-cyber-security-grid-matrix methodology can be applied to real world. For it, we interlocked the developed smart city-cyber-security-grid-matrix methodology with the cyber-security-framework of the National Institute of Standards and Technology, and developed a framework-based smart city-cyber-security-grid-matrix. Using it, it is easy and comfortable to check the level of cyber security of the target smart ciy at a glace, and the construction and operation of the smart city security system is systematized.